本文转自:https://www.petenetlive.com/KB/Article/0001272

Problem

I was setting up a Cisco ASA this week and needed to enable the ability for users to reset their domain passwords when they are about to expire. To actually test that, I needed a test user that had their password either about to expire, or actually expired. As I dint want to wait 42 days, or setup a password policy just for one user, I needed to find a ‘quick and dirty’ fix for one user.

Solution

You need to open Active Directory Users and Computers, and you need to have ‘Advanced options’ enabled. Locate your user and open their properties > Attribute Editor > Attributes > pwdLastSet.

Change AD User Password Expiry

If you want to set it to expired, then set its value to Zero.

Edit pwdLastSet

It should change to <never>, which is not strictly true, it actually changes to 12:00AM January 1st 1601.

Set password to Expired

Note: If you set its value to -1 and apply the change it resets the attribute to the current day and time (you may need to close and reopen the property dialog to see the change).